StartupList report, 6/18/2009, 8:19:26 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v8.00 (8.00.6001.18702)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Broadcom Wireless Manager UI = C:\WINDOWS\system32\WLTRAY.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = NOTEPAD.EXE %1

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Data Vault - C:\Program Files\Avanquest\SystemSuite\IE_ContextMenu_Vault.dll - {8373ADC0-6330-11DD-9D77-22C856D89593}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}

--------------------------------------------------

Enumerating Download Program Files:

[SysProWmi Class]
InProcServer32 = C:\WINDOWS\system32\Dell\SystemProfiler\SysPro.ocx
CODEBASE = http://support.dell.com/systemprofiler/SysPro.CAB

[TmHcmsX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\TmHcmsX.ocx
CODEBASE = http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB

[Trend Micro ActiveX Scan Agent 6.6]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
CODEBASE = http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

[ActiveScan 2.0 Installer Class]
InProcServer32 = C:\Program Files\Panda Security\ActiveScan 2.0\as2stubie.dll
CODEBASE = http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

[Windows Live Safety Center Base Module]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\wlscBase.dll
CODEBASE = http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232062954330

[Creative Software AutoUpdate]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CTSUEngn.ocx
CODEBASE = http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232999305658

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[Creative Software AutoUpdate Support Package]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CTPID.ocx
CODEBASE = http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15108/CTPID.cab

[PCPitstop Exam]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\pcpitstop2.dll
CODEBASE = http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 6,091 bytes
Report generated in 0.080 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only